Spammers may use automated delivery techniques, but manual work is also involved in fine-tuning their methods, all the better to trick users into opening their malicious attachments, according to a new study.
IBM’s X-Force security research lab said spam remains a primary means of delivering malware, with 44 percent of the junk emails analysed over a six-month period containing attack code.
Ransomware overwhelmingly dominated, making up 85 percent of malicious junk messages. Spam volumes have increased by a factor of four over the past year.
Malware is increasingly targeted at particular individuals and organisations, and IBM found spam delivery times are targeted as well, with volumes rising at the beginning of the day on European time (5 a.m. GMT). A big drop came at the end of the day, European time (8 p.m. GMT), and another at the end of the day on the US west coast (7 p.m. PST, or 1 a.m. GMT).
The largest share of spam originated from India, followed by South America and China, but IBM said spammers might outsource their deliveries to IP addresses in those countries.
Most spam is delivered by botnets, made up of internet-connected computers whose users aren’t aware they’ve been hijacked, so the actual systems involved could be located anywhere and controlled by someone in another country.
The spread of delivery times is a way of targeting users when they’re likely to be in the office, since many malicious attachments are aimed at stealing data from organisations such as businesses and governments, IBM said.
“These gangs make sure to spam employees in very pointed bouts of malicious mail, during those times in which potential new victims are more likely to open incoming email,” X-Force said in an advisory.
IBM’s analysis found that in spite of the large-scale automation involved, attackers also put hands-on work into helping their attachments slip past spam filters.
“Malware is more sophisticated than ever, and its delivery methods are not falling short,” IBM said in the advisory. “Spammers and spam botnets launch millions of malicious messages every day, hoping to get through to potential victims, infect new endpoints, invade another organisation and keep rolling the cash laundromat that drives cybercrime.”
Researchers have pointed to a significant shift in malware delivery that occurred this year with the release of exploits such as EternalBlue, allegedly developed by the NSA and leaked by the Shadow Brokers hacker group in April.
EternalBlue directly targets vulnerable SMB software found in Microsoft Windows, so it doesn’t require a user to open an infected attachment. It was used in May to spread the WannaCry ransomware and, the following month, the NotPetya malware.